Welcome To Wallon

Turns out I was wrong about the socially engineered spam I wrote about a few days back. Prompted by some readers’ comments, I asked Sophos about it. This is what Carole Theriault has to say about it:

This is mass-mailing worm. It is call Wallon-A.
Essentially, it goes to a dodgy website and downloads a dialler program. Diallers change your modem connection number to a premium rate number without your knowledge or consent…. This is essentially unsolicited mail with a dodgy link.

Roger Thompson of PestPatrol tells me: “it’s a mass mailer, but no attachment… just a URL. The URL goes through a bunch of redirections until it gets to the real website, where it downloads the payload using one of the current exploits.”

Anyway, apologies to everyone for getting it wrong before.


All opinions are my own, and not necessarily those of Thomson Reuters.



RSS loose wire blog